4 matches found
ruby: Buffer overread vulnerability in StringIO
A buffer overread flaw was found in rubygem StringIO. The ungetbyte and ungetc methods on a StringIO object can read past the end of a string, and a subsequent call to StringIO.gets may return the memory value...
ruby: Buffer overread vulnerability in StringIO
A buffer overread flaw was found in rubygem StringIO. The ungetbyte and ungetc methods on a StringIO object can read past the end of a string, and a subsequent call to StringIO.gets may return the memory value...
PT-2024-2478
Name of the Vulnerable Software and Affected Versions: Ruby StringIO versions 3.0.1 through 3.0.6 Ruby StringIO versions 3.1.x through 3.1.4 Description: A buffer-overread issue was discovered in StringIO, where the ungetbyte and ungetc methods can read past the end of a string, and a subsequent...
Ruby: StringIO strio_getline() can divulge arbitrary memory
originally send by e-mail on 4 Jun 2016 The problem is this line in ext/stringio/stringio.c striogetline: c 1002 if limit 0 && s + limit pos = n = RSTRINGLENptr-string 997 return Qnil; 998 a wrong 'len' parameter to this function doesn't matter as it will correct it itself: c 98 static VALUE 99...